
Virus msn facebook

Tags:
  • Virus
  • Security
15 March 2010 15:26:24

Hello
I also clicked on the link because the message came from a friend, so I did not for a moment consider the possibility of a virus (it's my first ...)

I followed the procedure and here are the links to the two reports



http://www.cijoint.fr/cjlink.php?file=cj201003/cijG1lUl...

and

http://www.cijoint.fr/cjlink.php?file=cj201003/cijnkAjS...
http://www.cijoint.fr/cjlink.php?file=cj201003/cijNYzdx...


15 March 2010 17:28:09

Hello,

It's not just the MSN virus.

  • Download Ad-Remover (by C_XX) to your Desktop.
  • Disconnect and close all running applications.
  • Double-click AD-R on your Desktop to launch it.
  • Choose Clean, then confirm.
  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    16 March 2010 11:33:04

    Thanks - I'm running all of this right now
    16 March 2010 11:47:05

    here is the report

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 15/03/10 à 17:00
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 11:35:07 le 16/03/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    Système d'exploitation: Microsoft® Windows Vista™ HomePremium
    Nom du PC: PC-MAISON | Utilisateur actuel: Bernadette (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    C:\Program Files\live-player
    C:\Program Files\MyWebSearch
    C:\Program Files\Search Settings
    C:\Program Files\WebMediaPlayer
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\live-player
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
    C:\Users\Bernadette\AppData\Local\absvgrb.dat
    C:\Users\Bernadette\AppData\Local\absvgrb_nav.dat
    C:\Users\Bernadette\AppData\Local\absvgrb_navps.dat
    C:\Users\Bernadette\AppData\Local\cebelpl.bat
    C:\Users\Bernadette\AppData\Local\gatmn.bat
    C:\Users\Bernadette\AppData\Local\gatmn.exe
    C:\Users\Bernadette\AppData\Local\irmni.dat
    C:\Users\Bernadette\AppData\Local\irmni_nav.dat
    C:\Users\Bernadette\AppData\Local\irmni_navps.dat
    C:\Users\Bernadette\AppData\Local\jdznjgsn.bat
    C:\Users\Bernadette\AppData\Local\kxcgsqua.bat
    C:\Users\Bernadette\AppData\Local\oakkkwo.bat
    C:\Users\Bernadette\AppData\Local\qblvgr.bat
    C:\Users\Bernadette\AppData\Local\qtciclp.bat
    C:\Users\Bernadette\AppData\Local\rdwidor.dat
    C:\Users\Bernadette\AppData\Local\rdwidor_nav.dat
    C:\Users\Bernadette\AppData\Local\rdwidor_navps.dat
    C:\Users\Bernadette\AppData\Local\vwgmvvdm.dat
    C:\Users\Bernadette\AppData\Local\vwgmvvdm.exe
    C:\Users\Bernadette\AppData\Local\vwgmvvdm_nav.dat
    C:\Users\Bernadette\AppData\Local\vwgmvvdm_navps.dat
    C:\Users\Bernadette\AppData\LocalLow\FunWebProducts
    C:\Users\Bernadette\AppData\LocalLow\MyWebSearch
    C:\Users\Bernadette\AppData\LocalLow\Search Settings
    C:\Users\Bernadette\AppData\LocalLow\SweetIM
    C:\Users\Bernadette\AppData\Roaming\live-player
    C:\Users\Public\Desktop\Live-Player.lnk
    C:\Windows\Downloaded Program Files\F3initialsetup1.0.1.0.inf

    (!) -- Fichiers temporaires supprimés.
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    .
    * Internet Explorer Version 7.0.6000.16982 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\Windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 0
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\bspatch.exe
    C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
    C:\Users\Bernadette\AppData\Roaming\uTorrent\Advanced MP3 WMA Recorder 6.5 + Keygen.rar.torrent
    C:\Users\Bernadette\AppData\Roaming\uTorrent\Aromatherapy. Patchouli.torrent
    C:\Users\Bernadette\AppData\Roaming\uTorrent\Office 2008 for Mac [fr.]+ serial.1.torrent
    C:\Users\Bernadette\AppData\Roaming\uTorrent\Office 2008 for Mac [fr.]+ serial.torrent
    C:\Users\Bernadette\AppData\Roaming\uTorrent\Serial.noceurs.French.DVDRiP.DivX.FTT.avi.torrent
    .
    ========================================
    .
    C:\Users\BERNAD~1\AppData\Local\Temp: 0 Fichier(s), 12 Dossier(s)
    C:\Windows\temp: 3 Fichier(s), 6 Dossier(s)
    C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Cookies: 2 Fichier(s), 0 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 99 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 122 Fichier(s)
    C:\Ad-Remover\Backup: 15 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 8710 Octet(s)
    .
    Fin à: 11:42:59, 16/03/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    16 March 2010 14:08:50

    Good.

  • Run Ad-Remover again and choose Uninstall.

  • Download UsbFix (by El Desaparecido & C_XX) to your Desktop.
  • Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click UsbFix to run it.
  • Choose option 1 (Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
    16 March 2010 20:10:39

    good evening

    here is the UsbFix report


    ############################## | UsbFix V6.099 |

    User : Bernadette (Administrateurs) # PC-MAISON
    Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 19:45:56 | 16/03/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    Internet Explorer 8.0.6001.18882
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 113,7 Go (41,84 Go free) [ACER] # NTFS
    D:\ -> Disque fixe local # 113,34 Go (58,86 Go free) [DATA] # NTFS
    E:\ -> Disque CD-ROM
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible

    ################## | Elements infectieux |

    C:\Users\Bernadette\GoToAssistDownloadHelper.exe
    C:\Windows\MsnMgr.exe
    C:\a.txt
    C:\Windows\msnmgr.exe

    ################## | Registre |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "sysconfig32"
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Winsock2 driver"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{1d71e913-d879-11dc-beae-0019216a3701}
    shell\AutoRun\command =K:\EasyCN.exe

    HKCU\..\..\Explorer\MountPoints2\{27479d59-3c60-11de-a430-0019216a3701}
    shell\AutoRun\command =K:\InstallTomTomHOME.exe

    HKCU\..\..\Explorer\MountPoints2\{55d5bab3-cca8-11dc-a9f9-0019216a3701}
    shell\AutoRun\command =mira.exe

    HKCU\..\..\Explorer\MountPoints2\{8839c9fd-bb1b-11de-abe3-0019216a3701}
    shell\AutoRun\command =mira.exe

    HKCU\..\..\Explorer\MountPoints2\{c9692052-d614-11dc-b545-0019216a3701}
    shell\AutoRun\command =J:\EasyCN.exe

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné !

    ################## | ! Fin du rapport # UsbFix V6.099 ! |

    16 March 2010 20:18:25

  • Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click UsbFix on your Desktop to launch it.
  • Choose option 2 (Removal).
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
    17 March 2010 11:55:08

    hello

    here is the report after option 2, removal


    ############################## | UsbFix V6.099 |

    User : Bernadette (Administrateurs) # PC-MAISON
    Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 11:04:39 | 17/03/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 113,7 Go (42,79 Go free) [ACER] # NTFS
    D:\ -> Disque fixe local # 113,34 Go (58,83 Go free) [DATA] # NTFS
    E:\ -> Disque CD-ROM
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    Z:\ -> Connexion réseau

    ################## | Elements infectieux |

    Supprimé ! C:\Users\Bernadette\GoToAssistDownloadHelper.exe
    Supprimé ! C:\Windows\MsnMgr.exe
    Supprimé ! C:\Windows\System32\avrugad.exe
    Supprimé ! C:\a.txt
    Supprimé ! C:\$Recycle.Bin\S-1-5-20
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-968316516-2280063185-736783771-1000
    Supprimé ! D:\$Recycle.Bin\S-1-5-20
    Supprimé ! D:\$Recycle.Bin\S-1-5-21-968316516-2280063185-736783771-1000

    ################## | Registre |

    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "sysconfig32"
    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Winsock2 driver"
    Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{1d71e913-d879-11dc-beae-0019216a3701}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{27479d59-3c60-11de-a430-0019216a3701}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{55d5bab3-cca8-11dc-a9f9-0019216a3701}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{8839c9fd-bb1b-11de-abe3-0019216a3701}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{c9692052-d614-11dc-b545-0019216a3701}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |


    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | Upload |

    Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-Maison.zip : http://chiquitine.changelog.fr/Sample/Upload.php
    Merci pour votre contribution .

    ################## | ! Fin du rapport # UsbFix V6.099 ! |

    17 March 2010 14:16:44

  • Run UsbFix again and choose option 6 to uninstall it.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scan tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    18 March 2010 13:46:32

    Hello

    Here is the report from Malwarebytes

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3879
    Windows 6.0.6000
    Internet Explorer 8.0.6001.18882

    18/03/2010 13:45:33
    mbam-log-2010-03-18 (13-45-33).txt

    Type de recherche: Examen rapide
    Eléments examinés: 115286
    Temps écoulé: 5 minute(s), 56 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Local AppWizard-Generated Applications\AlertSpy (Rogue.AlertSpy) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mandel Enterprises (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AlertSpy (Rogue.AlertSpy) -> Quarantined and deleted successfully.
    C:\Windows\System32\kazaabackupfiles (Worm.Archive) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\$RECYCLE.BIN\S-1-5-21-968316516-2280063185-736783771-1000\$RCG0I3F\msnmgr.exe.UsbFix (Worm.Bot) -> Quarantined and deleted successfully.
    C:\Windows\system32\Drivers\heqqjfqd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Windows\sysconfig32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Bernadette\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Bernadette\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.


    18 March 2010 14:29:22

    Is the PC doing better?

  • Run MBAM again, go to Quarantine and delete everything.

  • Run an OTL scan again and post the OTL report.
    18 March 2010 17:00:15

    Hello again

    so yes, the PC seems to be doing better, except perhaps for this: twice now, when restarting the computer, I have ended up at "start Windows normally" or "run a scan ??"

    here is the OTL report

    OTL logfile created on: 18/03/2010 16:45:11 - Run 2
    OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Bernadette\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
    4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 113,70 Gb Total Space | 42,24 Gb Free Space | 37,16% Space Free | Partition Type: NTFS
    Drive D: | 113,34 Gb Total Space | 58,86 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC-MAISON
    Current User Name: Bernadette
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
    DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
    DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/16 18:20:53 | 000,000,000 | ---D | M]

    [2009/12/02 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\Bernadette\AppData\Roaming\mozilla\Extensions

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: ::1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
    O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll (Copernic Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll (Copernic Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [捁牥吠畯r] File not found
    O4 - Startup: C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Atelier des Chefs.lnk = C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\LAtelier des Chefs.exe (L'atelier des Chefs)
    O4 - Startup: C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
    O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Bernadette\Documents\Création Bien Etre\image pour logo\galets_japon.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Bernadette\Documents\Création Bien Etre\image pour logo\galets_japon.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/03/17 11:18:12 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/03/17 11:18:12 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/03/18 13:49:39 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/03/18 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\AppData\Roaming\Malwarebytes
    [2010/03/18 13:37:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/03/18 13:37:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/03/18 13:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/03/18 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/03/18 13:37:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bernadette\Desktop\mbam-setup.exe
    [2010/03/17 11:18:12 | 000,000,000 | RHSD | C] -- C:\autorun.inf
    [2010/03/17 09:17:42 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/03/17 09:17:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/03/17 09:17:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/03/17 09:17:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/03/17 09:17:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/03/17 09:17:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/03/17 09:17:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/03/17 09:17:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/03/17 09:17:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/03/17 09:17:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/03/17 09:17:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/03/17 09:17:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/03/17 09:17:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/03/17 09:17:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/03/17 09:16:27 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2010/03/16 19:44:46 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010/03/16 16:27:31 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
    [2010/03/16 16:19:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2010/03/16 16:19:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2010/03/16 16:19:10 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2010/03/16 16:19:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
    [2010/03/16 16:19:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
    [2010/03/16 16:19:09 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2010/03/16 16:19:09 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2010/03/16 16:19:09 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2010/03/16 16:19:09 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2010/03/16 16:19:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/03/16 16:19:09 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2010/03/16 16:19:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/03/16 16:19:08 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
    [2010/03/16 16:19:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2010/03/16 16:19:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2010/03/16 16:19:08 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2010/03/16 16:19:07 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2010/03/16 16:19:07 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/03/16 16:19:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2010/03/16 16:19:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2010/03/16 16:19:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2010/03/16 16:19:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/03/16 16:19:05 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2010/03/16 16:19:04 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
    [2010/03/16 16:19:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2010/03/16 16:19:04 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2010/03/16 11:35:07 | 000,000,000 | ---D | C] -- C:\Ad-Remover
    [2010/03/16 11:34:35 | 001,321,896 | ---- | C] (C_XX) -- C:\Users\Bernadette\Desktop\AD-R.exe
    [2010/03/15 15:14:19 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Bernadette\Desktop\OTL.exe
    [2010/03/13 14:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx
    [2010/03/13 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\DoctorWeb
    [2010/03/13 03:13:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
    [2010/03/11 03:01:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
    [2010/03/11 03:01:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
    [2010/03/01 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\Documents\Mes numérisations
    [2010/02/24 04:14:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/02/24 04:13:26 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2010/02/24 04:13:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2010/02/24 04:13:26 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2010/02/24 04:13:26 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2010/02/24 04:13:26 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2010/02/24 04:13:26 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2010/02/24 04:13:26 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2010/02/24 04:13:26 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2010/02/24 04:13:26 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2010/02/18 18:01:11 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/02/18 18:01:09 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2006/01/06 19:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/03/18 16:47:36 | 007,077,888 | -HS- | M] () -- C:\Users\Bernadette\ntuser.dat
    [2010/03/18 16:47:12 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\heqqjfqd.sys
    [2010/03/18 16:00:01 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
    [2010/03/18 15:56:30 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/18 15:56:30 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/03/18 13:56:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/03/18 13:56:22 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
    [2010/03/18 13:55:32 | 128,338,348 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/03/18 13:48:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/03/18 13:48:13 | 003,088,406 | -H-- | M] () -- C:\Users\Bernadette\AppData\Local\IconCache.db
    [2010/03/18 13:47:58 | 000,013,258 | ---- | M] () -- C:\Users\Bernadette\Documents\attestation.docx
    [2010/03/18 13:37:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/18 13:37:27 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bernadette\Desktop\mbam-setup.exe
    [2010/03/18 13:18:50 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D6016B5-EE64-4CCD-BBC6-AAC899F8FE06}.job
    [2010/03/16 14:22:31 | 000,143,360 | ---- | M] () -- C:\Users\Bernadette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/16 14:13:23 | 000,069,016 | ---- | M] () -- C:\Users\Bernadette\Documents\eau diamant.docx
    [2010/03/16 14:11:58 | 000,137,005 | ---- | M] () -- C:\Users\Bernadette\Documents\Eau Diamant - Message sur l'Eau Diamant.mht
    [2010/03/16 11:34:35 | 001,321,896 | ---- | M] (C_XX) -- C:\Users\Bernadette\Desktop\AD-R.exe
    [2010/03/15 15:14:20 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Bernadette\Desktop\OTL.exe
    [2010/03/11 12:04:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/03/06 17:44:36 | 000,032,933 | ---- | M] () -- C:\Users\Bernadette\Documents\affiramtion fleurs du bush.docx
    [2010/03/04 18:21:13 | 000,757,226 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2010/03/04 18:21:12 | 001,690,840 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/03/04 18:21:12 | 000,667,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/03/04 18:21:12 | 000,145,534 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2010/03/04 18:21:12 | 000,125,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/02/26 16:39:43 | 002,755,186 | ---- | M] () -- C:\Users\Bernadette\Documents\Offre_de_credit_EMPRUNTEUR_LOCATAIRE_01.tif
    [2010/02/26 14:22:34 | 001,579,476 | ---- | M] () -- C:\Users\Bernadette\Documents\facture_du_20100204[1]_01.tif
    [2010/02/26 14:06:06 | 000,122,368 | ---- | M] () -- C:\Users\Bernadette\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/02/25 15:21:10 | 000,013,300 | ---- | M] () -- C:\Users\Bernadette\Documents\etiquette site web.docx
    [2010/02/25 15:21:10 | 000,000,162 | -H-- | M] () -- C:\Users\Bernadette\Documents\~$iquette site web.docx
    [2010/02/25 03:20:07 | 000,418,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/02/24 09:50:00 | 000,435,830 | ---- | M] () -- C:\Users\Bernadette\Documents\RIB paru vendu.jpg
    [2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2010/02/21 00:54:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
    [2010/02/21 00:51:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/03/18 13:37:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/18 12:06:04 | 000,013,258 | ---- | C] () -- C:\Users\Bernadette\Documents\attestation.docx
    [2010/03/17 09:17:40 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010/03/16 14:13:22 | 000,069,016 | ---- | C] () -- C:\Users\Bernadette\Documents\eau diamant.docx
    [2010/03/16 14:11:57 | 000,137,005 | ---- | C] () -- C:\Users\Bernadette\Documents\Eau Diamant - Message sur l'Eau Diamant.mht
    [2010/03/06 17:44:35 | 000,032,933 | ---- | C] () -- C:\Users\Bernadette\Documents\affiramtion fleurs du bush.docx
    [2010/02/26 16:39:42 | 002,755,186 | ---- | C] () -- C:\Users\Bernadette\Documents\Offre_de_credit_EMPRUNTEUR_LOCATAIRE_01.tif
    [2010/02/26 14:22:32 | 001,579,476 | ---- | C] () -- C:\Users\Bernadette\Documents\facture_du_20100204[1]_01.tif
    [2010/02/25 15:21:10 | 000,000,162 | -H-- | C] () -- C:\Users\Bernadette\Documents\~$iquette site web.docx
    [2010/02/25 15:21:09 | 000,013,300 | ---- | C] () -- C:\Users\Bernadette\Documents\etiquette site web.docx
    [2010/02/24 09:50:00 | 000,435,830 | ---- | C] () -- C:\Users\Bernadette\Documents\RIB paru vendu.jpg
    [2009/12/17 17:47:15 | 000,802,304 | ---- | C] () -- C:\Windows\System32\drivers\heqqjfqd.sys
    [2009/12/14 12:51:26 | 000,018,605 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/08/03 16:45:14 | 000,000,057 | ---- | C] () -- C:\Windows\yesmessenger.ini
    [2009/02/22 12:13:05 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2008/08/22 09:10:20 | 000,000,784 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/08/18 18:59:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2008/07/31 09:10:15 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
    [2008/07/10 10:00:54 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2008/05/15 08:43:01 | 000,000,680 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\d3d9caps.dat
    [2008/02/14 20:05:21 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
    [2008/02/11 21:15:57 | 000,000,586 | ---- | C] () -- C:\Windows\FNTNSTLR.INI
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2008/02/03 08:34:41 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2008/01/11 20:33:51 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\9265F3658C.sys
    [2008/01/11 20:24:02 | 000,002,516 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2008/01/09 19:48:04 | 000,475,136 | ---- | C] () -- C:\Windows\System32\SAGEPERS.DLL
    [2007/12/26 22:28:24 | 000,000,675 | ---- | C] () -- C:\Users\Bernadette\AppData\Roaming\waver_2.95.dat
    [2007/09/30 15:24:54 | 000,446,976 | ---- | C] () -- C:\Windows\System32\ShellMPD.dll
    [2007/09/16 10:11:38 | 000,003,192 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2007/08/22 09:17:28 | 000,000,098 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\fusioncache.dat
    [2007/08/04 17:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2007/06/03 08:26:58 | 000,000,000 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\rx_image.Cache
    [2007/05/31 08:40:40 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2007/04/29 13:52:44 | 000,143,360 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/29 10:31:01 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2007/04/29 10:31:01 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2007/02/22 02:00:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
    [2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
    [2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
    [2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
    [2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
    [2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
    [2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 20:54:30 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2006/11/01 20:52:38 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2006/01/07 03:30:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2006/01/07 02:19:59 | 000,000,985 | ---- | C] () -- C:\Windows\generic.ini
    [2006/01/07 02:19:59 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini
    [2006/01/06 19:05:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
    [2006/01/06 18:54:39 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
    [2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
    [2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
    [2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2004/01/22 17:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2003/11/18 00:37:20 | 000,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2002/03/06 22:19:16 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
    [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
    [2001/01/12 10:52:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\vbpng.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 48 bytes -> C:\Windows:C1B395FF4567C6F2
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:228EA9DE
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:57F9582D
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D FC5A2B2
    < End of report >
    18 March 2010 17:53:29

  • Double-click OTL to launch it.
    (On Vista/Win7, you need to right-click OTL and choose Run as administrator)
  • Under the Custom Scans/Fixes tab at the bottom of the window, copy and paste the following text (between the two blank spaces):

    :OTL
    SRV - (RoxLiveShare9) -- File not found
    SRV - (CLTNetCnService) -- File not found
    [2010/03/18 16:47:12 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\heqqjfqd.sys

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, and restart once the fix has finished.
  • Post the report that is displayed after the restart.